
1194 matches found

CVE
added 2026/03/11 3:50 p.m., 7 views

CVE-2026-1497

Neo4j Enterprise suffers an incorrect namespace resolution in composite databases, before versions 2026.02 and 5.26.22. An admin granting access to a remote constituent "namespace.name" can inadvertently grant privileges to any local database or remote alias named "name"; if that target doesn’t e...

CVSS 7.2 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/03/11 3:50 p.m., 31 views

CVE-2026-1497 Incorrect privilege assignment in composite databases

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin who intends to give a user access to a remote database constituent "namespace.name" will inadvertently grant access to any...

CVSS 2 | EPSS 0.00235
Exploits 0 | References 1
AlpineLinux
added 2026/03/11 3:50 p.m., 4 views

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin who intends to give a user access to a remote database constituent "namespace.name" will inadvertently grant access to any...

CVSS 7.2 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 1
Positive Technologies
added 2026/03/11 12:0 a.m., 3 views

PT-2026-24715

Name of the Vulnerable Software and Affected Versions: Neo4j Enterprise edition versions prior to 2026.02; Neo4j Enterprise edition versions prior to 5.26.22. Description: An incorrect resolution of namespaces in composite databases in Neo4j Enterprise edition can lead to a scenario where an...

CVSS 7.2 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 5
CNNVD
added 2026/03/11 12:0 a.m., 3 views

Neo4j Enterprise Edition Security Vulnerability

Neo4j Enterprise Edition is a graph database developed by the American company Neo4j. Versions prior to 2026.02 and 5.26.22 contained security vulnerabilities. These vulnerabilities were caused by errors in namespace resolution within composite databases, which could potentially allow...

CVSS 7.2 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 1
RedhatCVE
added 2026/03/07 7:59 a.m., 3 views

CVE-2026-27005

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew (MySQL, PostgreSQL). This allows...

CVSS 9.8 | AI score 5.9 | EPSS 0.00513
Exploits 1 | References 1
Fedora
added 2026/03/07 12:34 a.m., 7 views

[SECURITY] Fedora 44 Update: coturn-4.9.0-1.fc44

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

CVSS 7.2 | AI score 5.8 | EPSS 0.00254
Exploits 1
EUVD
added 2026/03/06 3:31 p.m., 5 views

EUVD-2018-21634

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter t...

CVSS 8.8 | AI score 6.1 | EPSS 0.00237
Exploits 0 | References 3
EUVD
added 2026/03/06 3:31 p.m., 2 views

EUVD-2018-21647

Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection...

CVSS 8.8 | AI score 6.1 | EPSS 0.00311
Exploits 0 | References 3
NVD
added 2026/03/06 1:16 p.m., 3 views

CVE-2018-25188

Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract...

CVSS 8.8 | EPSS 0.00237
Exploits 0 | References 2
ATTACKERKB
added 2026/03/06 12:19 p.m., 3 views

CVE-2018-25189

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dcalogin.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...

CVSS 8.8 | AI score 6.1 | EPSS 0.00237
Exploits 0 | References 2 | Affected Software 1
ATTACKERKB
added 2026/03/06 12:19 p.m., 1 view

CVE-2018-25188

Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract...

CVSS 8.8 | AI score 6.1 | EPSS 0.00237
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/03/06 12:19 p.m., 3 views

CVE-2018-25179 Gumbo CMS 0.99 SQL Injection via settings endpoint

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter t...

CVSS 8.8 | AI score 6.1 | EPSS 0.00237
Exploits 0 | References 2
Cvelist
added 2026/03/06 12:19 p.m., 30 views

CVE-2018-25179 Gumbo CMS 0.99 SQL Injection via settings endpoint

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter t...

CVSS 8.8 | EPSS 0.00237
Exploits 0 | References 2
CVE
added 2026/03/06 12:19 p.m., 10 views

CVE-2018-25179

Gumbo CMS 0.99 is affected by an unauthenticated SQL injection via the language parameter at the settings endpoint. An attacker can send crafted POST payloads to extract sensitive database information (e.g., usernames, databases, version details). CVSS v3.1 base score 8.2 (HIGH); CVSS v4.0 base s...

CVSS 8.8 | AI score 6.1 | EPSS 0.00237
Exploits 0 | References 2
Cvelist
added 2026/03/06 12:19 p.m., 28 views

CVE-2018-25175 Alienor Web Libre 2.0 SQL Injection via index.php

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...

CVSS 8.8 | EPSS 0.00251
Exploits 0 | References 2
Vulnrichment
added 2026/03/06 12:19 p.m., 3 views

CVE-2018-25175 Alienor Web Libre 2.0 SQL Injection via index.php

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...

CVSS 8.8 | AI score 6.1 | EPSS 0.00251
Exploits 0 | References 2
ATTACKERKB
added 2026/03/06 12:19 p.m., 3 views

CVE-2018-25175

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...

CVSS 8.8 | AI score 6.1 | EPSS 0.00251
Exploits 0 | References 2 | Affected Software 1
CVE
added 2026/03/06 12:19 p.m., 8 views

CVE-2018-25175

CVE-2018-25175 affects Alienor Web Libre 2.0. It is an SQL injection in index.php where the identifiant parameter can be injected via crafted POST requests, allowing unauthenticated attackers to extract sensitive database information (usernames, databases, version details). Root cause: unsanitize...

CVSS 8.8 | AI score 6.1 | EPSS 0.00251
Exploits 0 | References 2
CVE
added 2026/03/06 12:18 p.m., 6 views

CVE-2018-25165

Galaxy Forces MMORPG 0.5.8 is affected by an SQL injection vulnerability exposed via the ads.php endpoint. The flaw allows authenticated attackers to inject crafted SQL through the type parameter in POST requests, enabling arbitrary queries and extraction of sensitive database information such as...

CVSS 7.1 | AI score 6.1 | EPSS 0.00235
Exploits 0 | References 2